Privacy Policy

Last updated: 1 January 2026

1. Overview

PivotBank (“we”, “us”, or “our”) operates this website and associated services. We are committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data.

The core principle: Your bank statement PDFs are processed entirely within your browser using client-side JavaScript. They are never uploaded to our servers, never transmitted over the network, and never stored by us. The document stays on your device from start to finish.

2. Information We Collect

2.1 Account Information

If you create an account, we collect your name and email address. You may sign in via Google OAuth or with an email and password. We do not store plain-text passwords — credentials are hashed using industry-standard algorithms.

2.2 Usage Data

We record the number of pages converted per day to enforce tier limits (e.g. 3 pages/day for anonymous users, 10 pages/day for free accounts). We store only a page count and a timestamp — never the content of your statements.

2.3 Anonymous Session Identifiers

For unauthenticated users we generate a short-lived anonymous session ID stored in your browser's local storage. This is used solely to enforce the daily page limit and is not linked to any personally identifiable information.

2.4 Cookies

We use a single session cookie for authentication purposes. We do not use advertising cookies, tracking pixels, or third-party analytics scripts that transmit your data to other companies.

3. Your Bank Statement Data

When you drop a PDF into PivotBank, the file is read by your browser's local JavaScript engine. Text extraction, transaction parsing, and spreadsheet generation all happen on your device. No PDF content, transaction data, or financial information is ever sent to our servers or any third-party service.

We cannot access, view, or recover your bank statements. We have no copy of them.

4. Third-Party Services

4.1 Stripe

Pro subscriptions are billed through Stripe. When you subscribe, your payment details are collected and stored by Stripe directly — we never see or store your card number. Stripe's privacy policy is available at stripe.com/privacy.

4.2 Google OAuth

If you choose to sign in with Google, we receive your name and email address from Google's OAuth service. We do not receive access to your Google Drive, Gmail, or any other Google service data.

5. Data Retention

Account data (name, email, subscription status) is retained for as long as your account is active. Conversion count records (page counts and timestamps, no content) are retained for 30 days for limit-enforcement purposes.

You may delete your account at any time from the Account Settings page. Upon deletion, all your personal data is permanently removed from our systems within 30 days.

6. Data Security

We use industry-standard security measures including HTTPS encryption for all data in transit and encrypted storage for data at rest. Access to production databases is restricted to authorised personnel only.

7. Your Rights

Depending on your jurisdiction you may have rights including: access to your personal data, correction of inaccurate data, deletion of your data, portability of your data, and the right to object to certain processing.

To exercise any of these rights, contact us at hello@pivotbank.app.

8. Children's Privacy

PivotBank is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Continued use of PivotBank after changes constitutes acceptance of the updated policy.

10. Contact

If you have any questions about this Privacy Policy, please contact us: